Cisco finds hackers are winning the security fight

Hackers are winning the enterprise security fight according to a Cisco’s 2010 mid-year security report.

The industry is now so highly advanced that malware writers are copy-protecting their own malware and are both better funded and more better than the forces of IT security.

“Why do hackers succeed?” said John Stewart, chief security officer at Cisco

“They’re lucky, they’re patent and they’re brilliant. They’re also better funded than you.”

The report found a continuing of the trend towards smaller and smaller targets, as well as pinpointing precise individuals because of their access to key data.

Companies need a “go-to” team for cybersecurtity, a group of specialists who know who to contact in law enforcement and how to provide evidence that can be used in criminal prosecutions. These relationships with law enforcement need to be built up and in place before an attack occurs.

Overall the report found three major areas of concern: the proliferation of mobile and internet-enabled devices, increasing focus on virtualisation and the boom in social networking.

The sheer variety of mobile devices that companies are looking to support makes them vulnerable the report finds, with IT departments unable to keep up with the flow. In addition, devices like Wi-Fi printers posed their own security risks.

While virtualisation may have many gains the report recommends that IT administrators need to keep a tight control on the access to and management of data. Regular system health checks are needed and Cisco recommends an annual review of data storage and location.

Social media is also a new threat vector. The report found half of all staff ignored company policy and accessed social networking sites on company systems and 27 per cent manually change their security settings to allow them to do so.

Many of these people are using social games, with seven per cent of Facebook users spending 68 minutes per day playing the game. Mafia Wars and Café World were the next most popular games.

Social networking sites are particularly vulnerable to click-through attacks using malware-laden web pages. However, over the last year the effectiveness of these attacks has only risen by a negligible amount, showing users are becoming more security aware.